Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
CrewAI

CrewAI Vendor Cyber Rating & Cyber Score

crewai.com

Crew AI is at the forefront of Agentic AI with its open source, multi-agent framework and cloud platform for building, managing and scaling agentic workflows across the entire organization.


CrewAI A.I CyberSecurity Scoring

CrewAI
Company Information
Website:https://crewai.com
Employees number:52
Number of followers:91,705
NAICS:5112
Industry Type:Software Development
Homepage:crewai.com
CrewAI Risk Score (AI oriented)
Between 750 and 799
logo
CrewAISoftware Development
Updated:
05/04/2026
750/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CrewAI Global Score (TPRM)
xxxx
logo
CrewAISoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CrewAI
CrewAIFair
Current Score
750Baa (FAIR)
01000
1 incidents
-2 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
750Before Incident
JUNE 2026
750Before Incident
MAY 2026
750Before Incident
APRIL 2026
752Before Incident
Vulnerability
31 Mar 2026CrewAI
CrewAI: CrewAI Vulnerabilities Expose Devices to Hacking

Critical Vulnerabilities in CrewAI Framework Enable Remote Code Execution and Data Theft

750After Incident
CRITICAL-2
CRE1774967753
Critical Vulnerabilities in CrewAI Framework Enable Remote Code Execution and Data Theft Security researcher Yarden Porat of Cyata has uncovered four critical vulnerabilities in CrewAI, an open-source Python-based framework for multi-agent AI orchestration. If chained together, these flaws could allow threat actors to execute arbitrary code, access sensitive files, and steal credentials from affected systems. The vulnerabilities CVE-2026-2275, CVE-2026-2286, CVE-2026-2287, and CVE-2026-2285 stem from improper configurations and insecure fallback mechanisms in the Code Interpreter tool, which enables Python code execution within a Docker container. The first flaw (CVE-2026-2275) occurs when the tool defaults to an insecure SandboxPython environment if Docker is unavailable, allowing arbitrary C function calls if code execution is enabled in the agent’s configuration. Exploiting this flaw can trigger the remaining vulnerabilities: - CVE-2026-2286: A server-side request forgery (SSRF) bug in RAG search tools, enabling attackers to access internal and cloud services due to improper URL validation. - CVE-2026-2287: A remote code execution (RCE) risk caused by CrewAI failing to verify Docker’s runtime status, falling back to an insecure sandbox. - CVE-2026-2285: An arbitrary file read issue in the JSON loader tool, allowing unauthorized access to local files due to unvalidated file paths. Attackers could exploit these flaws through direct or indirect prompt injections, bypassing sandbox protections to execute code on the host machine or exfiltrate data. While no official patch has been released, CrewAI’s maintainers are developing mitigations, including blocking vulnerable modules, enforcing fail-closed configurations, and updating security documentation. Temporary workarounds include disabling the Code Interpreter tool, restricting code execution flags, and applying input sanitization to limit exposure. The vulnerabilities highlight risks in AI agent frameworks, particularly when handling untrusted input.
INCIDENT DETAILS -
TYPE
Remote Code ExecutionData TheftServer-Side Request ForgeryArbitrary File Read
IMPACT
Sensitive filesCredentialsCrewAI Framework
DATA BREACH
Sensitive filesCredentialsData Exfiltration: Possible
MARCH 2026
752Before Incident
FEBRUARY 2026
752Before Incident
JANUARY 2026
752Before Incident
DECEMBER 2025
752Before Incident
NOVEMBER 2025
752Before Incident
OCTOBER 2025
752Before Incident
SEPTEMBER 2025
752Before Incident
AUGUST 2025
752Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CrewAI ?
?
What was CrewAI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CrewAI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CrewAI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CrewAI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CrewAI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?